Review of Resource Public Key Infrastructure (RPKI) to verify ownership and authenticity of telephone caller ID over Voice over Internet Protocol
As part of its strategic technology programme, Ofcom commissioned Wik Consulting to conduct an independent review of Resource Public Key Infrastructure's (RPKI) technical suitability to help address the problem of verifying ownership and authenticity of telephone caller ID (otherwise known as Calling Line Identity or CLI).
RPKI is already used by IP network operators to validate "holdership" of particular IP network number resources against the issuing Regional Internet Registry (RIR). It is used to address the accidental or malicious phenomenon known as "Route Hijacking", where a network announces a resource or route that it is not necessarily entitled to announce. RPKI provides a means of authenticating routing announcements to mitigate this problem.
The problem of validating a telephone caller ID shares many similar attributes this problem that RPKI was designed to solve. Ofcom commissioned the study by Wik consulting to further understand the benefits of, and barriers to equivalent cryptographic validation of CLI using. The international standards community is already examining the potential application of RPKI and other techniques to CLI validation, in part to help reduce the problems called by "CLI spoofing" where the identity of the caller is deliberately masked by the use of invalid or "hijacked" CLI for potentially malicious purposes.